Case Study: Google strengthens GitHub Actions security and saves developer time with StepSecurity

Google Automates GitHub Actions Security for their Open-Source Projects with StepSecurity

The customer, Google, faced challenges in securing their numerous open-source project CI/CD pipelines on GitHub Actions from supply chain attacks. They needed to automate security best practices, harden their GitHub-hosted runners, and consistently orchestrate standardized security workflows across multiple repositories, which was a laborious and time-consuming manual process for their developers.

The vendor, StepSecurity, implemented their Harden-Runner product to provide network and runtime security for the pipelines and used their orchestration solution to automatically apply security fixes and deploy standardized workflows. This solution enabled Google to secure their workflows from potential attacks, saved hundreds of developer hours, and improved productivity by automating security compliance across their open-source projects.

Google